Automated Event Logging

The North American Electric Reliability Corporation requires automated event logging as part of Critical Asset Protection Standard 007 (CIP-007). All responsible entities, which include generators, owners, operators, Regional Entities and NERC itself, must automatically log events that impact the security of their critical cyber assets within a pre-defined electronic security perimeter.

While all NERC CIP Reliability Standards require extensive documentation and paper trails to prove compliance, CIP-007 is the standard that lays out the automated event log requirements.

Overview of CIP-007

CIP-007 is called Systems Security Management. There are eight requirements within the standard that govern everything from asset disposal to malware protection to user authentication. CIP-007 should be read and followed in conjunction with CIP-002 through CIP-009. Two of the eight requirements require extensive automated event logging: Account Management and Security Status Monitoring.

Account Management

NERC requires that all responsible energy entities establish, implement and document controls that enforce authentication and track all users who access cyber security assets. At minimum, this means entities should require and use unique user passwords and track log-ins, both authorized and successful as well as unauthorized and unsuccessful. NERC requires entities be able to generate event logs of user account access activity for a minimum of ninety days. Entities should also perform a review at least once per year. This review should cover user account access and verify that all access levels are in accordance with all NERC CIP standards. While shared log-ins are not counter to NERC CIP-007, these types of log-ins should be minimized and documented at all times.

Security Status Monitoring

The security status monitoring requirement mandates that entities establish automated event logging and capture all events that are related to possible breaches or threats to the electronic security perimeter. In addition to logging events, this requirement asks entities to create a system that automatically alerts them of all potential security breaches. All logs must be maintained for at least 90 days, and the responsible entity must review the logs and document that review.

NERC Compliance

NERC compliance is not an option. Compliance is enforced and monitored by the eight Regional Entities, who perform regular audits of all entities in their respective regions. To be prepared in the event of an audit, entities need to have automated event logging capability. The possibility of an audit can be daunting, but the good news is Versify Solutions is here to help! Call us today.